Java: SSO made easy by SAML 2.0 with ADFS
Recently I wrote a blog about Fiori Launchpad: SSO made easy by SAML 2.0 with ADFS. On the same blog there were questions regarding Java SSO with SAML 2.0. I have seen many documents about configuring SAML on Java, but none that I have found is up to date with the current version of SAP NetWeaver.
I suddenly decided to write something on it and give the community an idea of how they can achieve this. Keep in mind that the SAML configuration in ABAP and Java is almost the same, and I am going to give an overview of how to do it in a Java system. For some of the steps I am going to refer you to my Fiori Launchpad: SSO made easy by SAML 2.0 with ADFS document. I hope this will help everyone to configure SAML for Java.
Matt Fraser also discussed SPNego on Java on Fiori Launchpad: SSO made easy by SAML 2.0 with ADFS; his write-up can be found at: Single Sign-On for Java with SPNego
Where to start?
Open the NetWeaver Administrator screen on your Java system (http/s://host:port/nwa) and navigate to Configuration >> Security >> Authentication and Single Sign-On >> SAML 2.0
Enable SAML 2.0 Support
Local Provider configuration
The Provider Name is the fully qualified host name (FQHN) of your system.
On this screen click the Browse button next to Signing Key Pair.
Press the Create button.
Create the key storage by continuing on the screen.
Continue on next screen
Click on Finish
Trusted providers Configuration
Switch to the Trusted Providers tab within the SAML 2.0 screen and select Add >> Specify Metadata URL
URL: https://fqdn of ADFS/FederationMetadata/2007-06/FederationMetadata.xml
Note: In an ABAP system you need to provide the XML file, but in Java you can point directly to the URL of the XML file.
On this screen deselect the Verify option and continue.
Provide the signing certificate.
Note: For how to obtain the certificate, see Fiori Launchpad: SSO made easy by SAML 2.0 with ADFS, section Trusted Provider (the note on getting the certificate).
Provide a Name and continue.
Continue through all remaining steps with the default settings until the end of the wizard.
Now go to the trusted provider's Identity Federation tab and add the Name ID Format (in my case, username).
Now make sure you enable the configuration, and then download the Local Provider Metadata.
Note: If the downloaded XML file is blank, restart both the Local Provider and the Trusted Provider.
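Before handing the downloaded Local Provider metadata to the ADFS administrator (or after fetching the ADFS FederationMetadata.xml), it is worth checking that the file is not blank and actually contains what the other side needs: the expected entityID, a signing certificate, and the Name ID Format you configured. The script below is an added example and is not part of the original post or of SAP's tooling; the hostname, entityID, service URL and certificate bytes in the embedded sample are constructed placeholders, and the check works for both SP (Local Provider) and IdP (ADFS) metadata.

```python
"""Sanity-check a SAML 2.0 metadata document before exchanging it.

Added example (not from the original post). Standard library only.
Catches the blank-file problem mentioned in the post and confirms that
the entityID, a signing key and the NameID formats are present.
"""
import base64
import sys
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Constructed sample resembling an SP (Local Provider) metadata file.
# Hostname, entityID, ACS URL and certificate bytes are placeholders;
# the certificate is a minimal DER SEQUENCE, not a real X.509 cert.
SAMPLE_METADATA = b"""<?xml version="1.0" encoding="UTF-8"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="javahost.example.com">
  <md:SPSSODescriptor AuthnRequestsSigned="true" WantAssertionsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:X509Data><ds:X509Certificate>MIIBAAIBAA==</ds:X509Certificate></ds:X509Data>
      </ds:KeyInfo>
    </md:KeyDescriptor>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat>
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://javahost.example.com/saml2/acs" index="0"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
"""


def check_metadata(xml_bytes: bytes, expected_entity_id: str) -> dict:
    """Return a summary dict, or raise ValueError for problems that would
    make the metadata exchange with the other side fail."""
    if not xml_bytes.strip():
        raise ValueError("metadata file is empty: restart Local and Trusted "
                         "Provider and download it again")
    root = ET.fromstring(xml_bytes)
    if root.tag != f"{{{NS['md']}}}EntityDescriptor":
        raise ValueError(f"unexpected root element {root.tag}")
    entity_id = root.get("entityID")
    if entity_id != expected_entity_id:
        raise ValueError(f"entityID {entity_id!r} does not match expected "
                         f"{expected_entity_id!r}")

    # Accept either an SP (Local Provider) or an IdP (ADFS) descriptor.
    role, role_kind = root.find("md:SPSSODescriptor", NS), "SP"
    if role is None:
        role, role_kind = root.find("md:IDPSSODescriptor", NS), "IdP"
    if role is None:
        raise ValueError("no SPSSODescriptor or IDPSSODescriptor found")

    # A KeyDescriptor without a 'use' attribute is valid for signing too.
    signing_certs = []
    for kd in role.findall("md:KeyDescriptor", NS):
        if kd.get("use", "signing") != "signing":
            continue
        for cert in kd.findall("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS):
            der = base64.b64decode("".join((cert.text or "").split()))
            # Every DER-encoded certificate starts with a SEQUENCE tag (0x30).
            if not der or der[0] != 0x30:
                raise ValueError("X509Certificate is not DER: wrong or truncated")
            signing_certs.append(der)
    if not signing_certs:
        raise ValueError("no signing KeyDescriptor: the Signing Key Pair was "
                         "not created or not exported")

    formats = [e.text.strip() for e in role.findall("md:NameIDFormat", NS) if e.text]
    return {
        "role": role_kind,
        "entity_id": entity_id,
        "signing_certs": len(signing_certs),
        "name_id_formats": formats,
        "wants_signed_assertions": role.get("WantAssertionsSigned") == "true",
    }


if __name__ == "__main__":
    # Usage: python check_metadata.py [metadata.xml] [expected-entityID]
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_METADATA
    expected = sys.argv[2] if len(sys.argv) > 2 else "javahost.example.com"
    print(check_metadata(data, expected))
```

Run it without arguments to see the report for the embedded sample; with a path and the FQHN you entered as Provider Name it checks the file you actually downloaded. A ValueError on the blank-file or missing-signing-key case points you back to the restart step in the note above.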
Add Relying Party Trust
To configure this, follow the steps under the Configure ADFS section of Fiori Launchpad: SSO made easy by SAML 2.0 with ADFS.
Now test your configuration. If it does not work, check the setting below under Components >> ticket:
SAML2LoginModule must be at the top of the login module list.
Thank you for reading